Resubmissions

11-06-2021 18:36   210611-dgt8yndgw6   10
06-01-2021 03:28   210106-k31d8h8dkx   10
25-11-2020 08:48   201125-mhfnf9gxta   10
24-11-2020 11:08   201124-yfsf7l7s3s   10

General

  • Target: spy-agent-setup-linux.run
  • Size: 97KB
  • Sample: 201124-yfsf7l7s3s
  • MD5: 213c6443b2bd78c4e0aad54ec8338214
  • SHA1: 264bd2b6d809a519b4348dbfc5791d3fc9342af8
  • SHA256: e9bd299eec7dbee7d4f5c97ccf8ab27a7b77388eaa649f353e41df8b7b1df755
  • SHA512: 5dd067120c4371ad48123c8c2b21e679196c0fb7a4607cb3bd2c5cc35eee491164685bd566469649bc273460729073c4e4cbc24b1970fc5739f9b383291149e6

Score
10/10

Malware Config

Targets

    • Target: spy-agent-setup-linux.run
    • Size: 97KB
    • MD5: 213c6443b2bd78c4e0aad54ec8338214
    • SHA1: 264bd2b6d809a519b4348dbfc5791d3fc9342af8
    • SHA256: e9bd299eec7dbee7d4f5c97ccf8ab27a7b77388eaa649f353e41df8b7b1df755
    • SHA512: 5dd067120c4371ad48123c8c2b21e679196c0fb7a4607cb3bd2c5cc35eee491164685bd566469649bc273460729073c4e4cbc24b1970fc5739f9b383291149e6

    Score
    7/10

    • Write file to user bin folder
    • Reads runtime system information
      Reads data from /proc virtual filesystem.
    • Writes file to tmp directory
      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix ATT&CK v6

Persistence            Hijack Execution Flow   1   T1574
Privilege Escalation   Hijack Execution Flow   1   T1574
Defense Evasion        Hijack Execution Flow   1   T1574
